﻿using System;
using System.Configuration;
using System.Data.SqlClient;

namespace wall
{
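    /// <summary>
    /// Code-behind for the administrator login page. Checks the submitted
    /// credentials against the Admins table and, on a match, stores the
    /// username in session state and redirects to AdminPanel.aspx.
    /// </summary>
    public partial class AdminLogin : System.Web.UI.Page
    {
        /// <summary>
        /// Handles the login button click: looks the credentials up with a
        /// parameterized query and either signs the administrator in or shows
        /// a failure message.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            string username = txtUsername.Text;
            string password = txtPassword.Text;

            // Reject blank credentials without a database round trip. The message is
            // the same as for a failed lookup, so the two cases look identical to the caller.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                lblMessage.Text = "用户名或密码错误！";
                return;
            }

            string connectionString = ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;

            bool authenticated = false;

            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                // NOTE(review): the submitted password is compared directly with the
                // Password column, which suggests the column holds plaintext (the schema
                // is not visible here - confirm). Prefer storing a salted, slow hash
                // (e.g. PBKDF2 via Rfc2898DeriveBytes), fetching it by username and
                // verifying it in application code with a constant-time comparison.
                // Depending on the column collation, the SQL comparison may also be
                // case-insensitive.
                string query = "SELECT * FROM Admins WHERE Username = @Username AND Password = @Password";

                // The command and reader are disposed deterministically instead of
                // relying on the connection being closed to release them.
                using (SqlCommand command = new SqlCommand(query, connection))
                {
                    // User input reaches the query only as bound parameters.
                    command.Parameters.AddWithValue("@Username", username);
                    command.Parameters.AddWithValue("@Password", password);

                    try
                    {
                        connection.Open();
                        using (SqlDataReader reader = command.ExecuteReader())
                        {
                            // Any returned row means the username/password pair matched.
                            authenticated = reader.Read();
                        }
                    }
                    catch (Exception ex)
                    {
                        // Keep the detail on the server: exception messages from the data
                        // layer can reveal server, database or schema names to the person
                        // at the login form. Fully qualified because Page.Trace would
                        // otherwise shadow System.Diagnostics.Trace. Output depends on the
                        // TRACE symbol and a configured trace listener.
                        System.Diagnostics.Trace.TraceError("AdminLogin: credential lookup failed: {0}", ex);
                        lblMessage.Text = "发生错误，请稍后再试。";
                        return;
                    }
                }
            }

            if (!authenticated)
            {
                lblMessage.Text = "用户名或密码错误！";
                return;
            }

            lblMessage.Text = "登录成功！";

            // NOTE(review): the session identifier is not rotated here, so a session ID
            // that existed before login remains valid afterwards (session fixation).
            // Consider issuing a fresh session on successful authentication. No
            // throttling or lockout of repeated failures is visible in this handler.
            Session["Admin"] = username;

            // Redirect outside the try/catch: Response.Redirect ends the request by
            // raising ThreadAbortException, which the general catch above would
            // otherwise intercept and report as an error.
            Response.Redirect("AdminPanel.aspx");
        }

        /// <summary>
        /// Page load handler; intentionally performs no work.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {

        }
    }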
}
